def create_vip(vip_name=None, l3_uuid=None):
if not vip_name:
vip_name = 'test vip'
if not l3_uuid:
l3_name = os.environ.get('l3PublicNetworkName')
l3_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
vip_creation_option = test_util.VipOption()
vip_creation_option.set_name(vip_name)
vip_creation_option.set_l3_uuid(l3_uuid)
vip = zstack_vip_header.ZstackTestVip()
vip.set_creation_option(vip_creation_option)
vip.create()
return vip
def test():
'''
Since VR ip address is assigned by zstack, so we need to use VR to test
PF rules' connectibility.
PF test needs at least 3 VR existence. The PF VM's VR is for set PF
rule. The PF rule will add VIP for PF_VM. Besides of PF_VM's VR, there
are needed another 2 VR VMs. 1st VR public IP address will be set as
allowedCidr. The 1st VR VM should be able to access PF_VM. So the 2nd VR
VM should not be able to access PF_VM.
In this test, will also add SG rules to check the coexistence between
PF and SG. SG rule will be added onto PF_VM's internal IP.
'''
pf_vm = test_stub.create_vr_vm('migrate_pf_sg_vm1', 'imageName_net', 'l3VlanNetwork2')
test_obj_dict.add_vm(pf_vm)
l3_name = os.environ.get('l3VlanNetworkName1')
vr1_l3_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
vrs = test_lib.lib_find_vr_by_l3_uuid(vr1_l3_uuid)
temp_vm1 = None
if not vrs:
#create temp_vm1 for getting vlan1's vr for test pf_vm portforwarding
temp_vm1 = test_stub.create_vr_vm('migrate_temp_vm1', 'imageName_net', 'l3VlanNetworkName1')
test_obj_dict.add_vm(temp_vm1)
vr1 = test_lib.lib_find_vr_by_vm(temp_vm1.vm)[0]
else:
vr1 = vrs[0]
l3_name = os.environ.get('l3VlanNetwork3')
vr2_l3_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
vrs = test_lib.lib_find_vr_by_l3_uuid(vr2_l3_uuid)
temp_vm2 = None
if not vrs:
#create temp_vm2 for getting novlan's vr for test pf_vm portforwarding
temp_vm2 = test_stub.create_vr_vm('migrate_temp_vm2', 'imageName_net', 'l3VlanNetwork3')
test_obj_dict.add_vm(temp_vm2)
vr2 = test_lib.lib_find_vr_by_vm(temp_vm2.vm)[0]
else:
vr2 = vrs[0]
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
pf_vm.check()
vm_nic = pf_vm.vm.vmNics[0]
vm_nic_uuid = vm_nic.uuid
pri_l3_uuid = vm_nic.l3NetworkUuid
vr = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid)[0]
vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr)
l3_uuid = vr_pub_nic.l3NetworkUuid
vip_option = test_util.VipOption()
vip_option.set_l3_uuid(l3_uuid)
vip_uuid = net_ops.create_vip(vip_option).uuid
pf_creation_opt = PfRule.generate_pf_rule_option(vr1_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule1_ports, private_target_rule=Port.rule1_ports, vip_uuid=vip_uuid, vm_nic_uuid=vm_nic_uuid)
test_pf = zstack_pf_header.ZstackTestPortForwarding()
test_pf.set_creation_option(pf_creation_opt)
test_pf.create(pf_vm)
pf_vm.check()
#Ignore this check, since it has been checked many times in other PF cases.
#test_pf.check()
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg_vm = zstack_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
vm_nics = (vm_nic_uuid, pf_vm)
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vr1_pub_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vr2_pub_ip)
sg1.add_rule([rule1])
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("PF rule is allowed, since VR1's IP is granted by SG Rule1.")
sg_vm.attach(sg1, [vm_nics])
test_pf.check()
test_stub.migrate_vm_to_random_host(pf_vm)
test_util.test_dsc("Remove rule1 from security group 1.")
test_util.test_dsc("PF rule is still allowed")
sg1.delete_rule([rule1])
test_pf.check()
test_util.test_dsc("Add rule2")
test_util.test_dsc("PF rule is not allowed, since rule2 only allowed the ingress from VR2, but VR2 can't pass PF rule. ")
sg1.add_rule([rule2])
test_pf.check()
test_util.test_dsc("Delete SG")
sg_vm.delete_sg(sg1)
test_util.test_dsc("PF rule is allowed")
test_pf.check()
if temp_vm1:
temp_vm1.destroy()
test_obj_dict.rm_vm(temp_vm1)
if temp_vm2:
temp_vm2.destroy()
test_obj_dict.rm_vm(temp_vm2)
test_pf.delete()
pf_vm.destroy()
test_obj_dict.rm_vm(pf_vm)
net_ops.delete_vip(vip_uuid)
test_util.test_pass("Test Port Forwarding TCP Rule Successfully")
def test():
global session_uuid
global session_to
global session_mc
thread_threshold = os.environ.get('ZSTACK_THREAD_THRESHOLD')
if not thread_threshold:
thread_threshold = 1000
else:
thread_threshold = int(thread_threshold)
vip_num = os.environ.get('ZSTACK_TEST_NUM')
if not vip_num:
vip_num = 0
else:
vip_num = int(vip_num)
#change account session timeout.
session_to = con_ops.change_global_config('identity', 'session.timeout',
'720000', session_uuid)
session_mc = con_ops.change_global_config('identity',
'session.maxConcurrent', '10000',
session_uuid)
session_uuid = acc_ops.login_as_admin()
test_util.test_logger('ZSTACK_THREAD_THRESHOLD is %d' % thread_threshold)
test_util.test_logger('ZSTACK_TEST_NUM is %d' % vip_num)
org_num = vip_num
vip_option = test_util.VipOption()
l3_name = os.environ.get('l3PublicNetworkName')
conditions = res_ops.gen_query_conditions('name', '=', l3_name)
l3_uuid = res_ops.query_resource_with_num(res_ops.L3_NETWORK, conditions, \
session_uuid, start = 0, limit = 1)[0].uuid
random_name = random.random()
vip_name = 'perf_vip_%s' % str(random_name)
vip_option.set_name(vip_name)
vip_option.set_session_uuid(session_uuid)
vip_option.set_l3_uuid(l3_uuid)
vm_num = 0
while vip_num > 0:
check_thread_exception()
vip_num -= 1
vip_option.set_description(org_num - vip_num)
if vm_num > (thread_threshold - 1):
vm_num = 0
thread = threading.Thread(target=create_vip, args=(vip_option, ))
vm_num += 1
while threading.active_count() > thread_threshold:
time.sleep(1)
thread.start()
while threading.active_count() > 1:
time.sleep(0.01)
cond = res_ops.gen_query_conditions('name', '=', vip_name)
vips_num = res_ops.query_resource_count(res_ops.VIP, cond, session_uuid)
con_ops.change_global_config('identity', 'session.timeout', session_to,
session_uuid)
con_ops.change_global_config('identity', 'session.maxConcurrent',
session_mc, session_uuid)
acc_ops.logout(session_uuid)
if vips_num == org_num:
test_util.test_pass('Create %d VIPs Test Success' % org_num)
else:
test_util.test_fail('Create %d VIPs Test Failed. Only find %d VIPs.' %
(org_num, vips_num))
def test():
global session_uuid
global session_to
global session_mc
thread_threshold = os.environ.get('ZSTACK_THREAD_THRESHOLD')
if not thread_threshold:
thread_threshold = 1000
else:
thread_threshold = int(thread_threshold)
eip_num = os.environ.get('ZSTACK_TEST_NUM')
if not eip_num:
eip_num = 0
else:
eip_num = int(eip_num)
#change account session timeout.
session_to = con_ops.change_global_config('identity', 'session.timeout',
'720000', session_uuid)
session_mc = con_ops.change_global_config('identity',
'session.maxConcurrent', '10000',
session_uuid)
session_uuid = acc_ops.login_as_admin()
test_util.test_logger('ZSTACK_THREAD_THRESHOLD is %d' % thread_threshold)
test_util.test_logger('ZSTACK_TEST_NUM is %d' % eip_num)
org_num = eip_num
vip_option = test_util.VipOption()
l3_name = os.environ.get('l3PublicNetworkName')
conditions = res_ops.gen_query_conditions('name', '=', l3_name)
l3_uuid = res_ops.query_resource_with_num(res_ops.L3_NETWORK, conditions, \
session_uuid, start = 0, limit = 1)[0].uuid
cond = res_ops.gen_query_conditions('l3NetworkUuid', '!=', l3_uuid)
vm_nic_num = res_ops.query_resource_count(res_ops.VM_NIC, cond, \
session_uuid)
if vm_nic_num < eip_num:
test_util.test_fail(
'This test needs: %d vm nics for pf attaching and detaching operations. But there are only %d vm nics. Please use this case: test_crt_basic_vm_with_max_threads.py to create required VMs.'
% (eip_num, vm_nic_num))
nics = []
start_num = 0
while eip_num > 0:
vm_nics = res_ops.query_resource_fields(res_ops.VM_NIC, cond, \
session_uuid, ['uuid'], start_num, thread_threshold)
for nic in vm_nics:
nics.append(nic.uuid)
eip_num -= thread_threshold
start_num += thread_threshold
eip_num = org_num
random_name = random.random()
vip_name = 'perf_vip_%s' % str(random_name)
vip_option.set_name(vip_name)
vip_option.set_session_uuid(session_uuid)
vip_option.set_l3_uuid(l3_uuid)
vic_num = 0
while eip_num > 0:
check_thread_exception()
eip_num -= 1
vip_option.set_description(org_num - eip_num)
thread = threading.Thread(target=create_eip,
args=(
vip_option,
nics[vic_num],
))
vic_num += 1
while threading.active_count() > thread_threshold:
time.sleep(1)
thread.start()
while threading.active_count() > 1:
time.sleep(0.01)
cond = res_ops.gen_query_conditions('name', '=', 'eip_%s' % vip_name)
eips_num = res_ops.query_resource_count(res_ops.EIP, cond, session_uuid)
con_ops.change_global_config('identity', 'session.timeout', session_to,
session_uuid)
con_ops.change_global_config('identity', 'session.maxConcurrent',
session_mc, session_uuid)
acc_ops.logout(session_uuid)
if eips_num == org_num:
test_util.test_pass('Create %d EIPs Test Success' % org_num)
else:
test_util.test_fail('Create %d EIPs Test Failed. Only find %d EIPs.' %
(org_num, eips_num))
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid,
attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(
project_operator_name,
project_operator_password,
attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernamethree', 'password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],
project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(
project_operator_name, project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(
plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],
project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(
plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.header.vm.**"]
}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vm_creation_option = test_util.VmOption()
pub_l3_uuid = test_lib.lib_get_l3_by_name(
os.environ.get('l3PublicNetworkName')).uuid
l3_net_uuid = test_lib.lib_get_l3_by_name(
os.environ.get('l3VlanNetworkName3')).uuid
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name(
os.environ.get('imageName_net')).uuid
vm_creation_option.set_image_uuid(image_uuid)
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(
os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
acc_ops.share_resources([project_linked_account_uuid],
[instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid=image_uuid,
session_uuid=project_login_uuid)
vm_uuid = vm.get_vm().uuid
vip_option = test_util.VipOption()
vip_option.set_name("vip for pm")
vip_option.set_session_uuid(project_login_uuid)
vip_option.set_l3_uuid(pub_l3_uuid)
vm_nic = vm.vm.vmNics[0]
vm_nic_uuid = vm_nic.uuid
vip = net_ops.create_vip(vip_option)
eip_option = test_util.EipOption()
eip_option.set_name('eip for pm')
eip_option.set_session_uuid(project_login_uuid)
eip_option.set_vip_uuid(vip.uuid)
eip_option.set_vm_nic_uuid(vm_nic_uuid)
eip = net_ops.create_eip(eip_option)
net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid)
net_ops.attach_eip(eip.uuid, vm_nic_uuid, session_uuid=project_login_uuid)
net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid)
net_ops.delete_eip(eip.uuid)
net_ops.delete_vip(vip.uuid)
vm_ops.destroy_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.expunge_vm(vm_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')